Battle Blog / A Classic ASP Blogging Solution.
Wednesday 6/4/08

What Doesn't Kill You.....

Posted by tdave365 under Security Reflection Bugs at 4:41:12 AM

Well, turns out there was a fairly simple SQL injection hack that enabled anyone from the public to manipulate the Battle Blog database. The folks who discovered this posted detailed information about the exploit. I wish they hadn't zapped all of Battle Blog's previous entries and comments to prove their point, but I'm happier to have the information. So, uh, thanks?

The short-term fix is to test whether the value passed in the Entry querystring is numeric before it gets anywhere near the database. Anything else, such as an UPDATE statement aimed at your Battle Blog table, is then discarded, or handled however else you decide it should be. In the current Battle Blog code you can add the following line at line 82 of comment.asp and article.asp for a quick fix:

82> if IsNumeric(CurrentEntry)=False then CurrentEntry=""

Then there is the more efficient fix (e-mailed to me by a Battle Blog user who has forked his own copy):

In comment.asp and article.asp, find the line that reads:

CurrentEntry = request.querystring("Entry")

and change it to:

CurrentEntry = cint(request.querystring("Entry"))

The two quick fixes behave differently when the hack is attempted: the IsNumeric check silently blanks CurrentEntry, while the CInt conversion raises a type mismatch error. Note that CInt only holds values up to 32767, so an entry ID beyond that would fail the same way; CLng gives the same protection without that limit. Either way the value is still concatenated into the SQL string; these checks narrow what can reach the query, but the durable fix is to bind the value as a query parameter so the SQL text itself never contains user input.
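As an added example, not Battle Blog's own code, here is how the Entry parameter could be read in comment.asp or article.asp with a stricter check than IsNumeric and with the value bound as an ADO parameter instead of being concatenated into the SQL. The table name Entries, the columns EntryID and Title, and the connection string are assumptions; Battle Blog's actual schema is not shown on this page.

```vbscript
<%
Option Explicit
' Added example for comment.asp / article.asp, not Battle Blog's own code.
' Assumed: a table Entries keyed by an integer EntryID column, and a
' connection string in strConn. Adjust both to the real schema.

Dim strConn
strConn = "Provider=SQLOLEDB;Data Source=localhost;Initial Catalog=BattleBlog;Integrated Security=SSPI;" ' placeholder

' Returns the entry id as a Long, or -1 when the input is not a plain
' positive integer of at most nine digits.
' Stricter than IsNumeric, which also accepts "1e3", "&HFF", "1.5" and
' "-1", and unlike CInt it does not overflow at 32767.
Function ParseEntryId(rawValue)
    Dim s, re
    s = CStr(rawValue)
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then
        ParseEntryId = CLng(s)
    Else
        ParseEntryId = -1
    End If
End Function

Dim CurrentEntry
CurrentEntry = ParseEntryId(Request.QueryString("Entry"))
If CurrentEntry < 0 Then
    ' Reject early instead of letting a bad value reach the database.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid entry."
    Response.End
End If

' Even a validated integer is bound as a parameter rather than
' concatenated into the SQL, so the statement text never contains input.
Dim cn, cmd, rs
Set cn = Server.CreateObject("ADODB.Connection")
cn.Open strConn

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = 1 ' adCmdText
cmd.CommandText = "SELECT EntryID, Title FROM Entries WHERE EntryID = ?"
' CreateParameter(Name, Type, Direction, Size, Value): 3 = adInteger, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("EntryID", 3, 1, , CurrentEntry)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found"
    Response.Write "No such entry."
Else
    ' Encode on output so a stored title cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("Title"))
End If

rs.Close
cn.Close
%>
```

The regular expression accepts only digit strings, so the CLng call can never raise a type mismatch, and the parameter binding means the database receives an integer rather than a fragment of query text. The same pattern applies to any other numeric querystring value the pages read.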

I'll be reviewing the code base for more potential SQL vulnerabilities, but these seem to be the only ones manipulatable by the public. While I'm doing this, I am suspending the availability of Battle Blog until I've posted the fixed version that does something more elegant.

If the hackers in question have any other information about how to prevent this, I'm all ears. Just keep it in a comment - not practice. I know that's probably not as fun, but consider yourselves already scored here, eh?
